Best Password Manager App??

DGalt said:

Does any of these (or any others) allow you to fill in the login information on websites (like roboform does)?

Click to expand...

SplashID on the desktop as well as android will auto fill in your user name and password. It is once again my favorite password manager !

pwabbit said:

I have tried the password managers that have been listed. None of them quite did it for me. The closest that I have found is "Wallet" by Tim Clark. I like that it is customizable and will backup to Dropbox.

Click to expand...

Agree! I LOVE this program, but really need something that will sync to my PC as well! I wish he'd create a desktop application and yes, if it worked, I'd pay a one time fee.

If anyone has found something similar that will work with PC and Android Honeycomb, and you can CREATE your db on your tablet, please let us know. I've tried a lot of them and none seem to be userfriendly/intuititive like Wallet.

I looked at many password manager apps and I decided on Pocket. It's already got many pre-organized common categories that you can add to or edit easily, which I found very helpful as far as starting me getting organized. Others don't do this, and I found it frustrating trying to divide my passwords accordingly.

Also, it has the option of 'scrambling' your password, so that if by some reason someone were to gain access, it wouldn't help them.

It is very sensitive in that it logs out rather quickly when not in use, (reasonable amount of time of inaction) as well as clears your clipboard upon exit.

Not to mention, its one of the more aesthetically pleasing apps in this field.

I'm very happy with it and the fact that it backs up to Dropbox is nice, too.

I'm finding Keepass on my phone with KeepassX on my Ubuntu laptop both using the same file located in dropbox pretty good.

The password generator on KeepassX is a good feature, now all my passwords are different, random and long. I don't even know them, nor do I need too now.

Markus729 said:

I looked at many password manager apps and I decided on Pocket. It's already got many pre-organized common categories that you can add to or edit easily, which I found very helpful as far as starting me getting organized. Others don't do this, and I found it frustrating trying to divide my passwords accordingly.

Also, it has the option of 'scrambling' your password, so that if by some reason someone were to gain access, it wouldn't help them.

It is very sensitive in that it logs out rather quickly when not in use, (reasonable amount of time of inaction) as well as clears your clipboard upon exit.

Not to mention, its one of the more aesthetically pleasing apps in this field.

I'm very happy with it and the fact that it backs up to Dropbox is nice, too.

Click to expand...

Dropbox functionality would be a plus for me.

+1 for keepass + dropbox

ictdog said:

I have been using SplashID for Palm, PPC and Blackberry for years. I just found out they have a version for Android and since I just got the Droid...I am going to get that as soon as I can...Never used the other one.

Click to expand...

I've been using Splashid for years and it works great on Android..

Ski

I like Kuff's Password Safe sure it doesnt have auto fill or a pc app that i know off but it syncs the encrypted db with dropbox. I've restored my passwords a few times with this feature and I couldnt live without a good backup.

Also its only 128-bit encryption instead of 256-bit but if you can hack 128-bit then you wouldn't be interested in my passwords.It does however allow you to had 2 categories of depth i.e main and sub categories then items, and you can set custom icons for each category.

It also features shake to show passwords, where your passwords are shown as stars until you shake the phone. Shaking again turns the passwords back to stars.

Okay, I've decided that I'm sick of using Word for my Password database, and like the idea of an Android app that two-way autosyncs with a cloud-based PC database of Passwords, so I can autofill password boxes, and maybe not even KNOW the password (that way, they're strong passwords). Does Keepass still have the sync issue between the PC software and the Android software? If you're updating a file stored on cloud, then surely it'll be the same file no matter how you access it?

However, a couple questions:

• Is it a good idea not to use Android apps for Password databases that aren't official? If the android app isn't made by the PC software company, then how trustworthy is the developer?
• Is cloud-based storage secure enough? If the database is 128-bit encrypted (for example), is that sufficient? Or is cloud-based storage somehow less secure than something stored on my PC at home, for example?
• Can we get a poll going for this topic? It's something I'm really keen on =)

AJP123 said:

Okay, I've decided that I'm sick of using Word for my Password database, and like the idea of an Android app that two-way autosyncs with a cloud-based PC database of Passwords, so I can autofill password boxes, and maybe not even KNOW the password (that way, they're strong passwords). Does Keepass still have the sync issue between the PC software and the Android software? If you're updating a file stored on cloud, then surely it'll be the same file no matter how you access it?

However, a couple questions:

• Is it a good idea not to use Android apps for Password databases that aren't official? If the android app isn't made by the PC software company, then how trustworthy is the developer?
• Is cloud-based storage secure enough? If the database is 128-bit encrypted (for example), is that sufficient? Or is cloud-based storage somehow less secure than something stored on my PC at home, for example?
• Can we get a poll going for this topic? It's something I'm really keen on =)

Click to expand...

I've not had any sync problems between my ubuntu pc with keepassX and the keepass app on my phone. I set them to both use the same database which lives in dropbox. I just have to remember to save any changes I make. Dropbox is encrypted as is the keepass file. I don't know any of my passwords as it's pretty easy to get the app to enter them.

ambientdroid said:

I've not had any sync problems between my ubuntu pc with keepassX and the keepass app on my phone. I set them to both use the same database which lives in dropbox. I just have to remember to save any changes I make. Dropbox is encrypted as is the keepass file. I don't know any of my passwords as it's pretty easy to get the app to enter them.

Click to expand...

And the developer couldn't access the passwords if he wanted to? Don't want my ENTIRE password database falling into wrong hands :/

AJP123 said:

And the developer couldn't access the passwords if he wanted to? Don't want my ENTIRE password database falling into wrong hands :/

Click to expand...

The passwords are stored on your machine, not in the cloud (unless you place the file there like I did with drop box).

Second, someone would need your database password to break the encryption and access the file.

Third, I believe (though I'm not 100%) that keepass is open-source meaning that there wouldn't be any 'backdoors' place by a corporation; or so I've read.

Skibumwi said:

I've been using Splashid for years and it works great on Android..

Ski

Click to expand...

I also have been using SplashID for years, but have hesitated to adopt it for Android--the Android user reviews on it are dreadful.

I'm hoping Desktop v6 will usher in some quality, as well as its advertised multi-sync'ing to Palm and Android.

Has anyone who moved from Palm noticed that the big Palm outfits like Splash and Resco, seem not able to offer good stuff on Android? Seems like maybe the $1-5 dollar Android pricing doesn't support the full staff they could afford when they charged $20-40 for Palm apps.

Has anyone tried mobileknox/desktopknox? There is a free version of Mobileknox and the desktop version is free. The Mobileknox premium version costs $2.14. I don't have a lot of experiance with it but I have been playing around to see what its capabilities are. It is a powerful safe for your sensitive data. You can plug whole text files inside this think (cut/past) and it will encrypt it for you. One drawback I've found so far is that it doesn't seem to plug your username/password into the website although you can launch the website from the app. Here are the advertised capabilities. I've added some things I found. (Not preceded by a *)

Mobileknox is a software application that is able to run on your Java-cellphone and stores all your passwords, codes etc. that you normally need to burden your brain with.
Mobileknox is a simple to use software. Entries can get edited easily either directly on your cellphone or through your desktop PC. Just synchronize them and all data is on your mobile device.

Features overview:
* Two applications in one: mobile and desktop version
* Many ways for data-synchronization (Bluetooth, IRDA, cable, memory card, internet)
and WiFi
* Runs on almost every cellphone/PDA
* Practical design with clean overview
* Simple creating, editing and deleting of entries
* Super safe AES encryption with 256 Bit keys
* Data import/export
-Encrypted XML on mobile, Encrypted/unencryped XML on desktop
-CVS and keepass CVS on desktop
* Go-To function for quick finding of entries
* Secure random password generator
-Shake phone to generate
* Automatic logout
-Can set time up 10 mins
* Automatic latest version update checker
* Pre-defined often used words for faster entries
-You can define your own words on the desktop and sync them to the Mobile.
* Statistics about entries
* IP address finder tool
-Finds the IP address of the desktop PC or cloud to use in the sync process
* Free to try, reasonable price for unlimited version
($2.14)

Been using SplashID 5.3 with Nexus One. Continually hangs phone, no smooth syncs, their customer service is poor - and each new version costs a bomb! I'm now stuck with "force restart" every time I activate SplashID on my phone. Trying to decide what to use instead.

ambientdroid said:

I'm finding Keepass on my phone with KeepassX on my Ubuntu laptop both using the same file located in dropbox pretty good.

The password generator on KeepassX is a good feature, now all my passwords are different, random and long. I don't even know them, nor do I need too now.

Click to expand...

Do you just use the field autofill function of keepass? It's not as complete as Lastpass, but it's still pretty good.

I tried Lastpass a couple days ago, but didn't like it's interface... And after hearing of a potential hacking of Lastpass, I'm not sure I want to rely on an online database. Does anyone know how likely it was Lastpass actually got hacked?

Also, given sites such as Lastpass aren't immune to hacking, what does that say about storing a Keepass file on dropbox? Is that secure?

Hope none of my Lastpass files were hacked... :/

I am using Roboform on my Desire, Ive not upgraded and find it stable on version 2.6 as Ive read that later versions seem to have issues.

lyndale said:

Been using SplashID 5.3 with Nexus One. Continually hangs phone, no smooth syncs, their customer service is poor - and each new version costs a bomb! I'm now stuck with "force restart" every time I activate SplashID on my phone. Trying to decide what to use instead.

Click to expand...

What device are you using it on?

I am currently trying to decide between Pocket and SplashID. Any insight to assist?

I use a spreadsheet in Google Docs. You can access it from any web browser, it saves changes automatically for you, you can have a different tab for work, home, school, etc.., and there is an Android app. What more do you need?

AJP123 said:

Do you just use the field autofill function of keepass? It's not as complete as Lastpass, but it's still pretty good.

I tried Lastpass a couple days ago, but didn't like it's interface... And after hearing of a potential hacking of Lastpass, I'm not sure I want to rely on an online database. Does anyone know how likely it was Lastpass actually got hacked?

Also, given sites such as Lastpass aren't immune to hacking, what does that say about storing a Keepass file on dropbox? Is that secure?

Hope none of my Lastpass files were hacked... :/

Click to expand...

The unusual LastPass activity gave me more confidence in them.

Both LastPass and (KeePass+Dropbox) encrypt the files on your end. If someone does hack LastPass/Dropbox then they get your encrypted DB.

There are no known weaknesses in either LastPass or Keepass, so the only way is brute forcing passwords, just have a long password, then we are talking millenium to crack.

Lastpass does have more advantages, but alas me trying to explain them would expose my novice security knowledge.

mrpaulc said:

I use a spreadsheet in Google Docs. You can access it from any web browser, it saves changes automatically for you, you can have a different tab for work, home, school, etc.., and there is an Android app. What more do you need?

Click to expand...

Some people like the capability of specialized password management apps, such as LastPass and KeePass, to generate random passwords, autofill password fields in log-on screens, and so on and so forth. But if you don't need these specialised features, by all means you can use a spreadsheet =).

mazka said:

The unusual LastPass activity gave me more confidence in them.

Both LastPass and (KeePass+Dropbox) encrypt the files on your end. If someone does hack LastPass/Dropbox then they get your encrypted DB.

There are no known weaknesses in either LastPass or Keepass, so the only way is brute forcing passwords, just have a long password, then we are talking millenium to crack.

Lastpass does have more advantages, but alas me trying to explain them would expose my novice security knowledge.

Click to expand...

Go on, try and explain the advantages of Lastpass over Keepass =). I much prefer Keepass to be honest.

Another question:
How strong does a password really need to be? Trying to max out Keepass's password strength meter requires a LONG password, or one with crazy ASCII characters. However, Lastpass thinks passwords not nearly as long as a "strong" password in Keepass are still sufficiently random. It's strange, the difference between Password generators in Lastpass and Keepass is huge. In Lastpass, all you can use is numbers, upper and lower case letters, and a few basic symbols. In Keepass, however, you can use any ASCII character.

What are people's thoughts? How many bits do I need in a Password (as defined by Keepass, my preferred Password database) for it to be brute force-proof?

AJP123 said:

Go on, try and explain the advantages of Lastpass over Keepass =). I much prefer Keepass to be honest.

Click to expand...

Haha no , but I use both, basically Lastpass for the convenience, I also export my DB to a Dropboxed Keepass as a backup. I have a high trust in both solutions.

I would say anything over 20characters is good. It's also worth noting that a 21character lower case password is stronger than a 20 character mixed case password. You gain more bits quicker by adding to length rather than alphabet size.
I typically use about 20chars alpha numeric, because of the above logic I have also ignored punctuation as it is sadly not universally accepted. For bruteforcing you are talking in centuries . http://www.lockdown.co.uk/?pg=combi

Why is this conversation so big?
There's only one good answer: LastPass is the best choice you could make. Just try the damn thing before decided on anything, including price.
You pay 1$/month ONLY if you want it to auto-fill in your mobile phone, otherwise the free features are the same with the paid one, except 24/h support, lol.

Oh and excuse me, doesn't using Dropbox for syncing KeePass mean that all your passwords will be available just by using one password, your Dropbox one?

Seems pretty unsafe, all your passwords for one, unencrypted one.